secure payments & security pays
TRANSCRIPT
![Page 2: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/2.jpg)
ETT 2014 Introduction Hans Bouman - B2U
1992 - 2000 Product manager e-Commerce
2001 - present Secure eCommerce
2002 - 2005 Country Manager Ogone
2005 Strategic Partner Europe (website security) www.hackersafe.eu
2006 Preferred Partner www.internetkassa.com
2006 Reseller (SaaS anti-spam/anti-virus) www.emailcleanport.nl
2014 Partner BeNeLux (personalized websites) www.convertplus.nl
2015 - present Email/SMS payment link service www.paybylink.eu
![Page 3: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/3.jpg)
3rd of March 2015
Secure Payments
Security Pays
![Page 4: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/4.jpg)
Security matrix (diagram): Privacy legislation, Legal liability, Quality, System owners, Programmers, Educate merchants, Hosting issues, Website & application builders, Management & reports, Marketing, Partners chain protection.
![Page 5: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/5.jpg)
www.pcisecuritystandards.org (PCI Security Standards Council)
![Page 6: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/6.jpg)
PCI is so… credit card focused
![Page 7: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/7.jpg)
Security matrix (same diagram as on page 4).
![Page 8: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/8.jpg)
Security so… credit card focused. What a web shop actually holds:
Basket/products
First name, Surname
Financial information
Credit card numbers
Social Security Number
Passport numbers
Driver's license number
Delivery address
Mobile number
Email address
Date of Birth
Passwords
Hobbies
Order history
Storage: more and more in the CLOUD
![Page 9: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/9.jpg)
EU Directive 95/46/EC - The Data Protection Directive
“(46) Whereas the protection of the rights and freedoms of data
subjects with regard to the processing of personal data requires
that appropriate technical and organizational measures be taken,
both at the time of the design of the processing system and at the
time of the processing itself, particularly in order to maintain
security and thereby to prevent any unauthorized processing;
whereas it is incumbent on the Member States to ensure that
controllers comply with these measures; whereas these measures
must ensure an appropriate level of security, taking into
account the state of the art and the costs of their
implementation in relation to the risks inherent in the
processing and the nature of the data to be protected;”
![Page 10: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/10.jpg)
Security matrix (same diagram as on page 4).
![Page 11: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/11.jpg)
Responsibility vs Liability
Who is responsible for the security of the website? The OWNER of the domain.
Who is legally liable? The OWNER of the domain.
Who has to pay the costs and penalties? The OWNER of the domain.
![Page 12: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/12.jpg)
Vulnerability classes found by the scan:
SQL Injection
SQL Database Error Disclosure
Directory Traversal
Improper Error Handling
Application Source Code Disclosure
Authentication Bypass
Insufficient Session Expiration
Command Injection
SSI Injection (server-side include injection)
Malicious CGI Scripts
Buffer Overflows
Client-Side Vulnerabilities
Directory Indexing
Server Misconfigurations
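As an added example that is not part of the presentation, two items from the scan list above (SQL injection and directory traversal) are shown as the vulnerable pattern beside its hardened form. The customers table, its two rows and the document root path are constructed for the demonstration; everything runs offline against an in-memory SQLite database.

```python
"""SQL injection and directory traversal: vulnerable vs hardened.

Added example; the shop schema, rows and document root are constructed.
"""
import os
import sqlite3


def make_db():
    # Constructed sample data: a tiny customers table in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "anna@example.com", "4242"), (2, "bert@example.com", "1881")],
    )
    return conn


# --- SQL injection ----------------------------------------------------------

def lookup_vulnerable(conn, email):
    # The request parameter is pasted into the SQL text, so a value such as
    # "' OR '1'='1" rewrites the WHERE clause and the query returns every row.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    # A bound parameter is handed to the engine as data, never as SQL,
    # so the same payload simply matches no customer.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# --- Directory traversal ----------------------------------------------------

DOCROOT = "/var/www/shop/static"  # assumed document root for the demo


def resolve_vulnerable(name):
    # Naive join: "../" segments in the requested name walk out of DOCROOT.
    return os.path.normpath(os.path.join(DOCROOT, name))


def resolve_safe(name):
    # Normalise first, then require the result to stay inside DOCROOT.
    # commonpath is used rather than a string prefix test so that a sibling
    # such as "/var/www/shop/static2" is not mistaken for the document root.
    target = os.path.normpath(os.path.join(DOCROOT, name))
    if os.path.commonpath([DOCROOT, target]) != DOCROOT:
        raise PermissionError(f"refusing path outside document root: {name!r}")
    return target


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable lookup:", lookup_vulnerable(db, payload))      # both rows
    print("parameterized lookup:", lookup_parameterized(db, payload))  # []
    print("vulnerable path:", resolve_vulnerable("../../../../etc/passwd"))
    try:
        resolve_safe("../../../../etc/passwd")
    except PermissionError as err:
        print("safe path:", err)
```

The same shape applies to the other injection classes on the list: keep untrusted input out of the interpreted string (SQL, shell command, include directive, file path) and validate the resolved result, rather than trying to strip dangerous characters from the input.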
![Page 13: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/13.jpg)
How to involve marketing? (Security matrix diagram, same cells as on page 4.)
![Page 14: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/14.jpg)
So, where are your monitoring reports?
“We have a great website builder with a good reputation”
“We have the most secure hosting company”
“It’s their risk as well, so they will manage it…”
“Other companies check it, so…”
![Page 15: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/15.jpg)
Vulnerability scan & report
![Page 16: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/16.jpg)
All internal staff & external partners involved and fully committed.
Diagram: three hosted environments reachable from the Internet via DNS, www.domain.nl at Hosting1, login.domain.nl at Hosting2 and www.domain2.nl at Hosting3. Each has firewalls, IDS, DMZ, routers, gateways, ports, services and email servers, plus websites(n) with applications, CMS, scripts, XML interfaces and APIs. Around them: helpdesk, suppliers, shopping portals, logistics, system owners, programmers, external partners and marketing. Responsible: Board, Managers, Mayors, Executive. Output: executive report (PDF).
![Page 17: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/17.jpg)
How to involve marketing? (Security matrix diagram, same cells as on page 4; the Marketing cell now reads “Marketing & TRUST”.)
![Page 18: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/18.jpg)
If you invest in security, why not show it?
![Page 19: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/19.jpg)
Malware spread via large websites
![Page 20: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/20.jpg)
Get trusted: “NO MALWARE”
www.convertplus.nl
![Page 21: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/21.jpg)
How the buyer thinks…
How?
![Page 23: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/23.jpg)
Trust starts at search engines
Buyer: “Ah, that one is secure”
![Page 27: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/27.jpg)
No SSL, or even an SSL error message…
Buyer: “Don’t understand, but looks scary... Close window!”
![Page 32: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/32.jpg)
3rd of March 2015
Secure Payments
Security Pays
![Page 33: Secure payments & Security Pays](https://reader030.vdocuments.us/reader030/viewer/2022032421/55a67fde1a28ab606f8b488d/html5/thumbnails/33.jpg)
Thank you!
BUSINESS TO YOU
www.b2u.nl
www.hackersafe.eu
Office: +31 297 381302
Email: [email protected]